Attendance Tracker is a lightweight web app operated by Robert Stewart to record classroom attendance. The service is hosted on Google Cloud (Cloud Run) and uses Google OAuth for sign-in.
Contact
Email: [email protected]
Postal: 2220 Samuel J. LeFrak Hall, 7251 Preinkert Drive, College Park, MD 20742
What we collect
- Identity via Google Sign-in: Google account email and domain (e.g.,
@umd.edu/@terpmail.umd.edu) to confirm eligibility. - Form fields you submit: university email (entered), first name, last name, course, optional notes.
- Attendance metadata: timestamp and rotating QR/token checks tied to your session.
- Technical logs: IP address, user agent, and basic request logs for security/audit.
- Cookies: a short-lived session cookie to complete sign-in and prevent token abuse; no advertising identifiers.
We do not request access to your Google Drive or Sheets. Spreadsheet writes are performed server-to-server via a service account controlled by Robert Stewart.
How we use data
- Record attendance for enrolled courses.
- Validate sign-ins from allowed university domains.
- Troubleshoot, secure, and audit the service (e.g., investigate suspected misuse).
We do not sell personal data or use it for advertising.
Legal bases (if applicable)
- Legitimate interests / public task: academic attendance and course administration.
- Contract: delivering the service to instructors and students who choose to use it.
Sharing
- Service providers: Google Cloud, Cloudflare, or similar, under appropriate terms.
- Your institution: at the instructor’s direction (e.g., grade challenges, audits).
- Legal: where required by law.
Storage & security
Data is stored primarily in Google Sheets owned by Robert Stewart and protected by Google account controls. Transport is encrypted (HTTPS). Secrets and credentials are stored in the hosting environment (e.g., Secret Manager/Cloud Run secrets).
Retention
Unless your institution requires otherwise, attendance records are retained for up to one academic year after the course ends, then deleted or anonymized. Security logs are retained up to 90 days.
Your choices & rights
You may request access, correction, or deletion by emailing [email protected]. If your institution governs these records (e.g., FERPA in the U.S.), requests may be routed through the institution.
Children
This service is intended for higher-education students and is not directed to children under 13.
International transfers
Data may be processed in the United States. Where required, we use appropriate safeguards.
Changes to this policy
We’ll update this page for material changes and revise the “Effective date” above.
Google disclosure
Use of information received from Google APIs will adhere to the Google API Services User Data Policy. We only request basic identity scopes (openid, email, profile) for authentication.